From 9ab9f176d2062a3ae198b7108af949f044920e81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?= Date: Sat, 10 Nov 2007 16:12:55 +0000 Subject: [PATCH] - apply patches from #1384 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2020 152afb58-edef-0310-8abb-c4023f1b3aa9 --- NEWS | 1 + src/server.c | 21 +++++++++++++-------- src/spawn-fcgi.c | 18 ++++++++++++------ 3 files changed, 26 insertions(+), 14 deletions(-) diff --git a/NEWS b/NEWS index acbec7da..925913e5 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ NEWS * added support for If-Range: (#1346) * added support for matching $HTTP["scheme"] in configs + * fixed initgroups() called after chroot (#1384) - 1.4.18 - 2007-09-09 diff --git a/src/server.c b/src/server.c index 132eb323..1c79d775 100644 --- a/src/server.c +++ b/src/server.c @@ -759,6 +759,19 @@ int main (int argc, char **argv) { return -1; } +#ifdef HAVE_PWD_H + /* + * Change group before chroot, when we have access + * to /etc/group + * */ + if (srv->srvconf.groupname->used) { + setgid(grp->gr_gid); + setgroups(0, NULL); + if (srv->srvconf.username->used) { + initgroups(srv->srvconf.username->ptr, grp->gr_gid); + } + } +#endif #ifdef HAVE_CHROOT if (srv->srvconf.changeroot->used) { tzset(); @@ -775,15 +788,7 @@ int main (int argc, char **argv) { #endif #ifdef HAVE_PWD_H /* drop root privs */ - if (srv->srvconf.groupname->used) { - setgid(grp->gr_gid); - setgroups(0, NULL); - } - if (srv->srvconf.username->used) { - if (srv->srvconf.groupname->used) { - initgroups(srv->srvconf.username->ptr, grp->gr_gid); - } setuid(pwd->pw_uid); } #endif diff --git a/src/spawn-fcgi.c b/src/spawn-fcgi.c index 8237e796..99042689 100644 --- a/src/spawn-fcgi.c +++ b/src/spawn-fcgi.c @@ -404,6 +404,18 @@ int main(int argc, char **argv) { } } + /* + * Change group before chroot, when we have access + * to /etc/group + */ + if (groupname) { + setgid(grp->gr_gid); + setgroups(0, NULL); + if (username) { + initgroups(username, grp->gr_gid); + } + } + if (changeroot) { if (-1 == chroot(changeroot)) { fprintf(stderr, "%s.%d: %s %s\n", @@ -420,13 +432,7 @@ int main(int argc, char **argv) { } /* drop root privs */ - if (groupname) { - setgid(grp->gr_gid); - } if (username) { - if (groupname) { - initgroups(username, grp->gr_gid); - } setuid(pwd->pw_uid); } }